Detailed Action

Claims 1-32, 40-62 are pending in this Office Action. 

Claims 33-39 are cancelled. 

Claims 1, 3, 9, 26, 27, 40, and 61 are amended. 

The objections to the specification and claim 1 are withdrawn in light of applicant's 
amendments. 

The 35 U.S.C. 112, second paragraph rejections are withdrawn in light of applicant's
amendments. 

The claims and only the claims form the metes and bounds of the invention. "Office 
personnel are to give claims their broadest reasonable interpretation in light of the supporting 
disclosure. In re Morris, 127 F.3d 1048, 1054-55, 44 USPQ2d 1023, 1027-28 (Fed. Cir. 1997). 
Limitations appearing in the specification but not recited in the claim are not read into the claim. 
In re Prater, 415 F.2d 1393, 1404-05, 162 USPQ 541,550-551 (CCPA 1969)" (MPEP p 2100-8, 
c 2, 1 45-48; p 2100-9, c 1, 1 1-4). The Examiner has full latitude to interpret each claim in the 
broadest reasonable sense. The Examiner will reference prior art using terminology familiar to 
one of ordinary skill in the art. Such an approach is broad in concept and can be either explicit or 
implicit in meaning. 

Response to Arguments 

Applicant's arguments filed in the amendment filed 10/30/07, have been fully considered 
but they are not persuasive. The reasons are set forth below. 

Applicant's invention as claimed:

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis 
for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or 
on sale in this country, more than one year prior to the date of application for patent in the United States. 

Claims 1, 10-16, 24; 40, 49-52, 60 are rejected under 35 U.S.C 102(b) as being 
anticipated by U.S. Patent No. 6,119,236 by Shipley. 

Regarding claim 1, a network data classifier configured to statistically classify data (Shipley: col. 
3, lines 45-54) comprising: 

one or more network interfaces configured to receive packets carrying the data (Shipley: 
col. 5, lines 24-32); 

a feature extraction hardware block coupled to the one or more network interfaces and 
configured to extract a plurality of features from the received data (Shipley: col. 5, lines 58- col.
6, line 2; Fig. 2, tags 34, 36);

a statistical classifier coupled to the feature extraction hardware block and configured to 
statistically classify the data into any one of a plurality of data classes in accordance with the 
extracted features (Shipley: col. 7, lines 1-50); and 

a policy engine coupled to the statistical classifier and configured to define rules
corresponding to the data classes (Shipley: col. 7, lines 51-56), wherein the statistical classifier is 
further configured to statistically classify the data at a same rate at which the network interface 
receives the packets (Shipley: col. 6, lines 4-14). 

Regarding claim 10, the network classifier of claim 1 wherein the feature extractor is 
programmable (Shipley: col. 8, lines 30-49). 

Regarding claim 11, the network classifier of claim 1 wherein the statistical classifier is
programmable (Shipley: col. 4, lines 30-56; col. 7, lines 24-27). 

Regarding claim 12, the network classifier of claim 1 wherein the policy engine is programmable 
(Shipley: col. 7, lines 51-58).

Regarding claim 13, the network classifier of claim 1 wherein the received data is one of 
messages, files, streams, documents, web pages, and e-mails (Shipley: col. 2, lines 43-56). 

Regarding claim 14, the network classifier of claim 1 wherein the network interface is 
configured to interface with at least one of an Ethernet network, a SONET network, and an ATM 
network (Shipley: col. 3, line 50). 

Regarding claim 15, the network classifier of claim 1 wherein the packets are received via an 
Internet Protocol (IP) network (Shipley: col. 5, line 1-14). 

Regarding claim 16, the network classifier of claim 1 wherein the feature extraction hardware 
block is configured to match extract features against a database of textual patterns (Shipley: col. 
5, lines 58- col. 5, line 30). 

Regarding claim 24, the network classifier of claim 1 wherein the at least one feature is selected 
from a group consisting of indicator vector, histogram, multitude of statistics associated with the 
data, mathematical transformation, timing information, and network events (Shipley: col. 6, lines 
31-56). 

Regarding claim 40, a method for statistically classifying data (Shipley: col. 3, lines 45-54), the 
method comprising: 

receiving packets carrying the data (Shipley: col. 5, lines 24-32); 

extracting a plurality of features from the received data (Shipley: col. 5, lines 58- col. 6,
line 2; Fig. 2, tags 34, 36); 

statistically classifying the data into a plurality of data classes in accordance with the 
extracted features and at a same rate at which the packets are received (Shipley: col. 7, lines 1- 
50); and 

applying rules corresponding to the data classes (Shipley: col. 6, lines 4-14). 

Regarding claim 49, the method of claim 40 wherein the received data is one of messages, files,
streams, documents, web pages, and e-mails (Shipley: col. 2, lines 43-56). 

Regarding claim 50, the method of claim 40 wherein the packets are received via one of an 
Ethernet network, a SONET network, and an ATM network (Shipley: col. 3, line 50). 

Regarding claim 51, the method of claim 40 wherein the packets are received via an Internet 
Protocol (IP) network (Shipley: col. 5, line 1-14). 

Regarding claim 52, the method of claim 40 further comprising: matching the extract features 
against a database of textual patterns (Shipley: col. 5, lines 58- col. 5, line 30). 

Regarding claim 60, the method of claim 40 wherein the at least one feature is selected from a 
group consisting of indicator vector, histogram, multitude of statistics associated with the data, 
mathematical transformation, timing information, and network events (Shipley: col. 6, lines 31- 
56). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the
manner in which the invention was made. 

Claims 2, 41 are rejected under 35 U.S.C. 103(a) as being unpatentable by U.S. 
Patent No. 6,119,236 by Shipley in view of U.S Patent No. 6,167,047 by Welfeld (Applicant 
IDS). 

Regarding claim 2, the Shipley reference teaches the network classifier of claim 1. 

The Shipley reference fails to teach a rate of 100 Mbits/sec.

However, the Welfeld reference teaches wherein the rate at which the packets are 
received is greater than or equal to 100 Mbits/sec (Welfeld: col. 1, lines 35-40; col. 2, lines 36- 
39) in order to provide high speed packet classification while overcoming limits in prior art state 
machines (Welfeld: col. 1, lines 40-41, col. 2, lines 31-34). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include processing of speeds of 100 
Mbits/sec as taught by Welfeld in order to provide high speed packet classification while 
overcoming limits in prior art state machines (Welfeld: col. 1, lines 40-41, col. 2, lines 31-34). 

Regarding claim 41, the Shipley reference teaches the network classifier of claim 40. 

The Shipley reference fails to teach a rate of 100 Mbits/sec.

However, the Welfeld reference teaches wherein the rate at which the packets are 
received is greater than or equal to 100 Mbits/sec (Welfeld: col. 1, lines 35-40; col. 2, lines 36- 
39) in order to provide high speed packet classification while overcoming limits in prior art state 
machines (Welfeld: col. 1, lines 40-41, col. 2, lines 31-34). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include processing of speeds of 100 
Mbits/sec as taught by Welfeld in order to provide high speed packet classification while 
overcoming limits in prior art state machines (Welfeld: col. 1, lines 40-41, col. 2, lines 31-34). 

Claim 3-9, 17, 25-26; 42-48, 53, 61-62 are rejected under 35 U.S.C 103(a) as being 
unpatentable by U.S. Patent No. 6,119,236 by Shipley in view of U.S Patent Publication No. 
20020042274 by Ades. 

Regarding claim 3, the Shipley reference teaches the network classifier of claim 1.
The Shipley reference fails to state reordering of packets. 
However, the Ades reference teaches 

a flow identifier coupled to the one or more network interfaces and configured to identify 
a flow to which each of the received packets belongs (Ades: pages 35-36, para 541); 

a flow assembler coupled to the flow identifier and configured to reorder the received 
packets such that the order of the reordered packets matches the order in which they were 
transmitted (Ades: page 21, para 289); and 

a flow database coupled to the flow assembler and configured to maintain a record for 
each identified flow (Ades: page 35-36, para 541) in order to allow messages to be put back in 
their original stream and take the shortest path across the network (Ades: page 21, para 289; page 
35, para 541). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include flow identifiers and reordering of 
packets as taught by Ades in order to allow messages to be put back in their original stream and 
take the shortest path across the network (Ades: page 21, para 289; page 35, para 541). 

Regarding claim 4, the network classifier of claim 3 wherein the record for each identified flow 
includes at least one of an identification number, source and destination addresses of the received 
packets, protocol identification number, information used by the feature extraction hardware 
block and information used by the statistical classifier (Shipley: col. 7, lines 1-23; information 
being accessed). 

Regarding claim 5, the network classifier of claim 4 further comprising: a host interface 
configured to receive the packets from a host system (Shipley: col. 5, lines 24-32). 

Regarding claim 6, the network classifier of claim 4 further comprising: a host interface 
configured to receive the data from a host system (Shipley: col. 5, lines 24-32). 

Regarding claim 7, the network classifier of claim 5 wherein the host interface is coupled to a
device selected from a group consisting of microprocessor and network processor (Shipley: col. 
9, lines 10-17). 

Regarding claim 8, the network classifier of claim 7 wherein the host system is selected from a 
group consisting of firewall (Shipley: col. 2, lines 6-24), router, switch, network appliance, 
security system, anti-virus system, anti-spam system, intrusion detection system, content filtering 
system, mail server, web server, quality of service provisioner, and gateway. 

Regarding claim 9, the network classifier of claim 8 wherein the host system is coupled to at 
least one of the flow identifier, the flow assembler, the feature extraction hardware block, the 
statistical classifier, and the flow database via one or more application programming interfaces 
(Shipley: col. 5, lines 24-32; Fig. 1). 

Regarding claim 17, the network classifier of claim 3 wherein the statistical classifier is
configured to correlate events between one or more data flows (Shipley: col. 6, lines 4-18). 

Regarding claim 25, the Shipley reference teaches the network classifier of claim 3. 

The Shipley reference fails to teach storing in a flow database. 

However, the Ades reference wherein the feature extraction hardware block stores a 
history of the data it receives in the flow database, said history being used to extract the features 
from the received data (Ades: page 35-36, para 541) in order to allow messages to take the 
shortest path across the network (Ades: page 35, para 541). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include flow database as taught by Ades 
in order to allow messages to take shortest path across the network (Ades: page 35, para 541). 

Regarding claim 26, the Shipley reference teaches the apparatus of claim 3. 
The Shipley reference fails to state multiplexing.
However, the Ades reference teaches: 

a data flow multiplexer, the data flow multiplexer being coupled to the one or more 
network interfaces (Ades: para 77, 289), the data flow multiplexer coupled to the one or more of 
a plurality of feature extraction hardware blocks, the data flow multiplexer providing for context
switching between one or more of a plurality of data flows (Ades: page 21, 35 and para 77, 289); 
and 

a data flow context database, the data flow context database coupled to the data flow 
multiplexer, the data flow context database providing for retaining of state of said one or more of 
a plurality of data flows for said context switching (Ades: page 35-36, para 541) in order to allow 
messages to take the shortest path across the network (Ades: page 35, para 541). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include flow identifiers and database as 
taught by Ades in order to allow messages to take shortest path across the network (Ades: page 
35, para 541). 

Regarding claim 42, the Shipley reference teaches the network classifier of claim 40. 
The Shipley reference fails to state reordering of packets. 
However, the Ades reference teaches: 

identifying a flow to which each of the received packets belongs (Ades: pages 35-36, 
para 541); reordering the received packets such that the order of the reordered packets matches 
the order in which they were transmitted (Ades: page 21, para 289); and maintaining a record for 
each identified flow (Ades: page 35-36, para 541) in order to allow messages to be put back in 
their original stream and take the shortest path across the network (Ades: page 21, para 289; page 
35, para 541). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include flow identifiers and reordering of 
packets as taught by Ades in order to allow messages to be put back in their original stream and
take the shortest path across the network (Ades: page 21, para 289; page 35, para 541). 

Regarding claim 43, the method of claim 42 wherein the record for each identified flow includes 
at least one of an identification number, source and destination addresses of the received packets, 
protocol identification number, information used for extracting the at least one feature extractor 
and information used to statistically classify the data (Shipley: col 7, lines 1-23; information 
being accessed). 

Regarding claim 44, the method of claim 43 further comprising: receiving the packets from a 
host system (Shipley: col. 5, lines 24-32). 

Regarding claim 45, the method of claim 43 further comprising: receiving the data from a host 
system (Shipley: col. 5, lines 24-32). 

Regarding claim 46, the method of claim 44 wherein the host system is selected from a group 
consisting of microprocessor and a network processor (Shipley: col. 9, lines 10-17). 

Regarding claim 47, the method of claim 46 wherein the host system is selected from a group 
consisting of firewall (Shipley: col. 2, lines 6-24), router, switch, network appliance, security 
system, anti-virus system, anti-spam system, intrusion detection system, content filtering system, 
mail server, web server, quality of service provisioner, and gateway. 

Regarding claim 48, the method of claim 46 further comprising: coupling the host system to one 
or more application programming interfaces (Shipley: col. 5, lines 24-32; Fig. 1). 

Regarding claim 53, the method of claim 42 further comprising: correlating events between one 
or more data flows (Shipley: col. 6, lines 4-18). 

Regarding claim 61, the Shipley reference teaches the network classifier of claim 42.
The Shipley reference fails to teach storing in a flow. 

However, the Ades reference the method of claim 42 further comprising: storing a history 
of the received data, said history being used to extract the features from the received data (Ades: 
page 35-36, para 541) in order to allow messages to take the shortest path across the network 
(Ades: page 35, para 541). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include flow database as taught by Ades 
in order to allow messages to take shortest path across the network (Ades: page 35, para 541). 

Regarding claim 62, the Shipley reference teaches the apparatus of claim 42. 
The Shipley reference fails to state multiplexing. 
However, the Ades reference teaches: 

multiplexing the data so as to provide for context switching between one or more of a 
plurality of data flows (Ades: page 21, 35 and para 77, 289); and retaining states of said one or 
more of a plurality of data flows for said context switching (Ades: page 35-36, para 541) in order 
to allow messages to take the shortest path across the network (Ades: page 35, para 541). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include flow identifiers and database as 
taught by Ades in order to allow messages to take shortest path across the network (Ades: page 
35, para 541). 

Claims 18-19, 22-23 and 27-32 are rejected under 35 U.S.C. 103(a) as being 
unpatentable by U.S. Patent No. 6,119,236 by Shipley in view of U.S Patent No. 5,253,330 
by Ramacher. 

Regarding claim 18, the Shipley reference teaches the network classifier of claim 11.

The Shipley reference fails to teach types of statistical classifiers. 

However, the Ramacher reference teaches a statistical classifier includes at least one of 
linear discriminant classifier, artificial neural network classifier (Ramacher: col. 1, lines 7-17; 
col. 3, lines 29-32), support vector machine classifier, Bayesian network classifier, decision tree
classifier; and nearest neighbor classifier in order to perform classification with weighting 
associated with connections (Ramacher: col. 6, lines 29-34). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include an artificial neural network 
classifier as taught by Ramacher in order to perform classification with weighting associated 
with connections (Ramacher: col. 6, lines 29-34). 

Regarding claim 22, the network classifier of claim 18 wherein the statistical classifier further 
generates a probability associated with a multitude of classes for the received data (Shipley: col. 
7, lines 1-50). 

Regarding claim 23, the network classifier of claim 22 wherein the statistical classifier classifies 
the received data for at least one of the applications selected from a group consisting of intrusion 
detection (Shipley: col. 7, lines 1-50), content filtering, anti-spam, anti-virus, bandwidth 
management, quality of service provisioning, and network monitoring. 

Regarding claim 19, the Shipley reference teaches the network classifier of claim 1. 

The Shipley reference fails to teach types of statistical classifiers. 

However, the Ramacher reference teaches the network classifier of claim 18 wherein the
artificial neural network classifier is configured to operate in accordance with an activation 
function selected from the group consisting of sigmoid function (Ramacher: col. 5, line 39), 
hyperbolic tan function (Ramacher: col. 1, line 23-27), Gaussian radial basis function, 
exponential radial basis function, and a non-linear function in order to perform classification 
with weighting associated with connections (Ramacher: col. 6, lines 29-34).

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include an artificial neural network 
classifier as taught by Ramacher in order to perform classification with weighting associated 
with connections (Ramacher: col. 6, lines 29-34).

Regarding claim 27, the Shipley reference teaches the statistical classifier of claim 1,

a lookup table configured to store weights for a multitude of events associated with the
network data (Shipley: col. 7, lines 1-50).

The Shipley reference fails to state an adder. 
However, the Ramacher reference teaches 

an adder coupled to add the weights it receives from the look-up table (Ramacher: col. 5, 
lines 36-43; col. 2, lines 55-63);

a register configured to store a value (Ramacher: Fig. 1); 
an accumulator (Ramacher: col. 5, lines 36-43); and 

a multiplexer having a first input terminal and a second input terminal and configured to 
deliver to the accumulator one of the added weights it receives from the adder at its first input 
terminal and the value it receives from the register at its second input terminal (Ramacher: col. 5, 
lines 36-43), the accumulator further configured to supply a summation of the added weights to 
the adder (Ramacher: col. 5, lines 36-43) in order to perform arithmetic operations with 
weighting associated with classifying connections (Ramacher: col. 6, lines 29-34). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include arithmetic hardware as taught by 
Ramacher in order to perform arithmetic operations with weighting associated with classifying 
connections (Ramacher: col. 6, lines 29-34). 

Regarding claim 28, the Shipley reference teaches the statistical classifier in claim 1. 
The Shipley reference fails to state summation. 
However, the Ramacher reference teaches 

the integrated circuit of claim 27 furthermore comprising: a hardware logic block 
configured to apply one of linear and non-linear functions to the summation stored in the 
accumulator (Ramacher: col. 5, lines 36-43) in order to perform arithmetic operations with 
weighting associated with classifying connections (Ramacher: col. 6, lines 29-34). 

It would have been obvious at the time of the invention to one of ordinary skill in the art
to create the network classifier as taught by Shipley to include arithmetic hardware as taught by 
Ramacher in order to perform arithmetic operations with weighting associated with classifying 
connections (Ramacher: col. 6, lines 29-34). 

Regarding claim 29, the Shipley reference teaches the statistical classifier in claim 1. 
The Shipley reference fails to state an accumulator. 
However, the Ramacher reference teaches 

the integrated circuit of claim 28 wherein the hardware logic block is configured to apply 
a non-linear function to the summation stored in the accumulator using lookup table (Ramacher: 
col. 5, lines 36-43) in order to perform arithmetic operations with weighting associated with 
classifying connections (Ramacher: col. 6, lines 29-34). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include arithmetic hardware as taught by 
Ramacher in order to perform arithmetic operations with weighting associated with classifying 
connections (Ramacher: col. 6, lines 29-34). 

Regarding claim 30, the Shipley reference teaches the statistical classifier in claim 1. 
The Shipley reference fails to state a hardware block. 
However, the Ramacher reference teaches 

the integrated circuit of claim 28 wherein the hardware logic block is formed in a 
programmable device (Ramacher: col. 2, line 33-34) in order to perform arithmetic operations 
with weighting associated with classifying connections (Ramacher: col. 6, lines 29-34). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include arithmetic hardware as taught by 
Ramacher in order to perform arithmetic operations with weighting associated with classifying 
connections (Ramacher: col. 6, lines 29-34). 

Regarding claim 31, the Shipley reference teaches the statistical classifier in claim 1. 



Application/Control Number: 10/661,384; Art Unit: 2155

The Shipley reference fails to state the integrated circuit. 
However, the Ramacher reference teaches 

the integrated circuit of claim 28 wherein the register is programmable (Ramacher: col. 
5, lines 36-43) in order to perform arithmetic operations with weighting associated with 
classifying connections (Ramacher: col. 6, lines 29-34). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include arithmetic hardware as taught by 
Ramacher in order to perform arithmetic operations with weighting associated with classifying 
connections (Ramacher: col. 6, lines 29-34). 

Regarding claim 32, the Shipley reference teaches the statistical classifier in claim 1. 
The Shipley reference fails to state the hardware logic block of 28. 
However, the Ramacher reference teaches 

the integrated circuit of claim 28 wherein the hardware logic block is programmable 
(Ramacher: col. 5, lines 36-43) in order to perform arithmetic operations with weighting 
associated with classifying connections (Ramacher: col. 6, lines 29-34). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by Shipley to include arithmetic hardware as taught by 
Ramacher in order to perform arithmetic operations with weighting associated with classifying 
connections (Ramacher: col. 6, lines 29-34). 

Claims 54-55, 58-59 are rejected under 35 U.S.C. 103(a) as being unpatentable by 
U.S. Patent No. 6,119,236 by Shipley in view of U.S Patent Publication No. 20020042274 by 
Ades in further view of U.S Patent No. 5,253,330 by Ramacher. 

Regarding claim 54, the modified Shipley reference teaches the network classifier of claim 53. 

The modified Shipley reference fails to teach types of statistical classifiers. 

However, the Ramacher reference teaches wherein the statistically classifying of the data 
is carried out using a statistical classifier that includes at least one of linear discriminant 
classifier, artificial neural network classifier (Ramacher: col. 1, lines 7-17; col. 3, lines 29-32), 
support vector machine classifier, Bayesian network classifier, decision tree classifier; and
nearest neighbor classifier in order to perform classification with weighting associated with 
connections (Ramacher: col. 6, lines 29-34). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by modified Shipley to include an artificial neural 
network classifier as taught by Ramacher in order to perform classification with weighting 
associated with connections (Ramacher: col. 6, lines 29-34). 

Regarding claim 55, the modified Shipley reference teaches the network classifier of claim 40. 

The modified Shipley reference fails to teach types of statistical classifiers. 

However, the Ramacher reference teaches wherein the artificial neural network classifier 
is configured to operate in accordance with an activation function selected from the group 
consisting of sigmoid function (Ramacher: col. 5, line 39), hyperbolic tan function (Ramacher: 
col. 1, line 23-27), Gaussian radial basis function, exponential radial basis function, and a non- 
linear function in order to perform classification with weighting associated with connections 
(Ramacher: col. 6, lines 29-34).

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by modified Shipley to include an artificial neural 
network classifier as taught by Ramacher in order to perform classification with weighting 
associated with connections (Ramacher: col. 6, lines 29-34).

Regarding claim 58, the method of claim 54 wherein the statistical classifier further generates a 
probability associated with a multitude of classes for the received data (Shipley: col. 7, lines 1- 
50). 

Regarding claim 59, the method of claim 58 wherein the statistical classifier classifies the 
received data for at least one of the applications selected from a group consisting of intrusion 
detection (Shipley: col. 7, lines 1-50), content filtering, antivirus, bandwidth management, 
quality of service provisioning, anti-spam, and network management. 

Claims 20-21 are rejected under 35 U.S.C. 103(a) as being unpatentable by U.S.
Patent No. 6,119,236 by Shipley in view of U.S Patent No. 5,253,330 by Ramacher in
further view of U.S Patent Publication No. 20030065632 by Hubey et al. 

Regarding claim 20, the modified Shipley reference teaches the network classifier of claim 18. 

The modified Shipley reference fails to teach a support vector machine classifier. 

However, the Hubey reference teaches wherein the support vector machine classifier 
(Hubey: page 7, para 102) is configured to operate in accordance with a kernel function selected 
from a group consisting of a linear projection function, polynomial function, piece-wise linear 
function, sigmoid function, Gaussian radial basis function, exponential radial basis function, and 
a non-linear transformation function (Hubey: page 7, para 102, 120) in order to classify data 
according to a set of different classification algorithms (Hubey: page 1, para 9). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by the modified Shipley to include classification 
algorithms as taught by Hubey in order to classify data according to a set of different 
classification algorithms (Hubey: page 1, para 9). 

Regarding claim 21, the modified Shipley reference teaches the network classifier of claim 18. 

The modified Shipley reference fails to teach types of distances. 

However, the Hubey reference teaches the network classifier of claim 18 wherein the
nearest neighbor classifier is configured to operate in accordance with a distance metric selected 
from a group consisting of Euclidean distance, Mahalanobis distance, and Manhattan distance 
(Hubey: page 1, para 15) in order to classify data according to a set of different classification 
algorithms (Hubey: page 1, para 9). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by the modified Shipley to include classification 
algorithms as taught by Hubey in order to classify data according to a set of different 
classification algorithms (Hubey: page 1, para 9). 

Claims 56-57 are rejected under 35 U.S.C. 103(a) as being unpatentable by U.S. 
Patent No. 6,119,236 by Shipley in view of U.S Patent Publication No. 20020042274 by Ades 
in further view of U.S Patent No. 5,253,330 by Ramacher in further view of U.S Patent 
Publication No. 20030065632 by Hubey et al. 

Regarding claim 56, the modified Shipley reference teaches the network classifier of claim 54. 

The modified Shipley reference fails to teach a support vector machine classifier. 

However, the Hubey reference teaches a support vector machine classifier (Hubey: page 
7, para 102) is configured to operate in accordance with a kernel function selected from a group 
consisting of a linear projection function, polynomial function, piece-wise linear function, 
sigmoid function, Gaussian radial basis function, exponential radial basis function, and a 
non-linear transformation function (Hubey: page 7, para 102, 120) in order to classify data according 
to a set of different classification algorithms (Hubey: page 1, para 9). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by the modified Shipley to include classification 
algorithms as taught by Hubey in order to classify data according to a set of different 
classification algorithms (Hubey: page 1, para 9). 

Regarding claim 57, the modified Shipley reference teaches the network classifier of claim 54. 

The modified Shipley reference fails to teach types of distances. 

However, the Hubey reference teaches the method of claim 54 wherein the nearest 
neighbor classifier is configured to operate in accordance with a distance metric selected from a 
group consisting of Euclidean distance, Mahalanobis distance, and Manhattan distance (Hubey: 
page 1, para 15) in order to classify data according to a set of different classification algorithms 
(Hubey: page 1, para 9). 

It would have been obvious at the time of the invention to one of ordinary skill in the art 
to create the network classifier as taught by the modified Shipley to include classification 
algorithms as taught by Hubey in order to classify data according to a set of different 
classification algorithms (Hubey: page 1, para 9). 


Application/Control Number: 10/661,384 

Art Unit: 2155 

REMARKS 

Applicant has presented minor claim amendments fixing clarity and 112 issues. Applicant 
has presented arguments towards the claimed limitations. 
The Applicant Argues: 

Regarding claim 1, applicant argues that Shipley does not teach the claimed limitations. 

In response, the examiner respectfully submits: 

The examiner maintains the rejections. Shipley teaches "a statistical classifier coupled to 
the feature extraction hardware block and configured to statistically classify the data into any one 
of a plurality of data classes in accordance with the extracted features" in col. 3, lines 45-54 and 
col. 7, lines 1-50. Shipley teaches statistical classification and weighting of data according to 
sensitivity of data being accessed and complexity of the attack. Data is categorized into 
seriousness of breach and determines the react policy based on the classified or weighted level of 
seriousness. 

The Shipley reference teaches one or more network interfaces configured to receive 
packets carrying the data in col. 5, lines 24-32 where a network interface is used to receive and 
monitor the packets and their data in real time. It would need to receive the packets in order to 
read and "look for code patterns" on them. 

In Shipley col. 5, lines 58- col. 6, line 2, the reference shows extracting features such as 
code patterns and breach attempts. By amending to state 'a hardware block', applicant has 
intended to overcome the features of Shipley that perform the same actions in software. 
However, software is run on hardware and as the steps of figure 2, elements 34 and 36 are run on 
Figure 1, tags 26, 31, hardware defined in the specification col. 4, lines 23-67. 

Shipley teaches a policy engine coupled to the statistical classifier and configured to 
define rules corresponding to the data classes (Shipley: col. 7, lines 51-56), wherein the 
statistical classifier is further configured to statistically classify the data at a same rate at which 
the network interface receives the packets (Shipley: col. 6, lines 4-14). The rules are what 
determines the weights attached to the seriousness of breach. For example a rule of assigning 
more weight to a breach of sensitive data as opposed to a rule of assigning a seriousness or 
weight based on sophistication of the breach (Shipley: col. 7, lines 1-67). 

Regarding claim 10, Shipley teaches a feature extractor is the INSD in which the code is 
analyzed. The administrator can configure and program the INSD to look for and weight 
different breaches according to the administrators' requirements see col. 8, lines 30-49. 

Regarding claim 11, see the arguments addressed above in claim 1. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Benjamin R Bruckart whose telephone number is 571-272-3982. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Saleh Najjar can be reached on (571) 272-4006. The fax phone numbers for the organization 
where this application or proceeding is assigned are (571) 273-8300 for regular 
communications and after final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the examiner whose telephone number is 571-272-3982. 

Benjamin R Bruckart 

Examiner 

Art Unit 2155 